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- Extensions of time may be available under the provisions of 37 CFR 1 , 136(a). In no event, however, may a reply be timely filed 
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closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 
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DETAILED ACTION 

1 . Claims 1 -1 9 are pending. 

Drawings 

1 . This application has been filed with informal drawings which are acceptable for 
examination purposes only. Formal drawings will be required when the application is 
allowed. 

Claim Rejections - 35 USC § 103 

2. Claims 1-19 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Smith "Stack Smashing Vulnerabilities in the Unix Operating System" in view of Cowan 
et al "StackGuard : Automatic Adaptive Detection and Prevention of Buffer-Overflow 
Attacks." Smith describes elements of Unix memory management and methods of 
preventing stack smashing. Cowan discloses methods of detecting and preventing 
buffer overflow attacks. 

3. With regards to claims 1,4,8-11, and 1 3, Smith teaches a return address 
storage area for storing a return address for the source call for the execution of a 
currently active function (Smith, Page 12 Figure 7.1.b, Page 10 Paragraph 4), previous 
frame pointer storage area storing a previous frame pointer to said calling source for the 
execution of a currently active function (Smith, Page 12 Figure 7.1.b, Page 10 
Paragraph 4), and local variable storage area to be located below said return address 



Application/Control Number: 09/772,373 Page 3 

Art Unit: 2134 

storage area and said previous frame pointer storage area (Smith, Page 12 Figure 
7.1 .b, Page 10 Paragraph 4). Smith fails to disclose the use of a guard variable. 
Cowan discloses that when a data array is stored in a local variable area, a guard 
variable is stored in a location preceding the data array and the guard variable is used 
as target to confirm whether said return address has been destroyed (Cowan, Page 8 
Figure 2 "Canary Word", Page 8 Paragraphs 1 and 2). At the time the invention was 
made, it would have been obvious to a person of ordinary skill in the art to utilize 
Cowan's guard variable to detect the destruction of a return address with Smith's 
described Unix stack system because it offers the advantage of providing a method of 
preventing buffer overflow attacks on an any program compiled with Cowan's 
specialized compiler (Cowan, Page 3, Paragraphs 4 and 5). 

4. With regards to claim 2, Smith as modified teaches a character string stored in 
the local variable storage area in the memory pattern of the memory device (Smith, 
Page 16 Figure 9.c) and a guard variable preceding the character string (Cowan, Page 
4 Figure 1). 

5. With regards to claim 3, Smith as modified teaches a random number being 
employed as a guard variable that is stored in a local variable storage area in the 
memory pattern of the device (Cowan, Page 9). 

6. With regards to claims 5 and 15, Smith and Cowan teach everything disclosed 
above and Cowan further teaches a stack protection instruction preparation unit for 
receiving a source program and for adding to the source program an instruction for 
storing a guard variable (Cowan, Page 6 Paragraph 1, Page 3 Paragraph 5, Page 8 
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Paragraph 1). At the time the invention was made, it would have been obvious to a 
person of ordinary skill in the art to utilize Cowan's stack protection instruction 
preparation unit to insert a guard variable to detect the destruction of a return address 
with Smith's described Unix stack system because it offers the advantage of providing a 
method of preventing buffer overflow attacks on an any program compiled with Cowan's 
specialized compiler (Cowan, Page 3, Paragraphs 4 and 5). 

7. With regards to claims 6, 12, 14, and 16-18, Smith as modified teaches that 
when the destruction of the guard variable is discovered during the function return 
process (Cowan, Page 7 Paragraph 1) the stack protection execution unit performs an 
abnormal end process to halt the execution of the program and to notify a user of an 
occurrence of a stack smashing attack (Cowan, Page 13 Paragraphs 2-3, Smith Page 
21 Paragraph 3). 

8. With regards to claim 7, Smith as modified teaches the stack protection 
instruction preparation unit being mounted in a compiler that processes the source 
program written in a compatible language (Cowan, Page 6 Paragraph 1) and when 
translated adds an instruction for the storage of the guard variable (Cowan, Page 7 
Figure 3, Page 3 Paragraph 5). 

9. With regards to claim 19, Smith as modified discloses all that is described above, 
but fails to disclose a transmission means for reading and transmitting a program. 
Examiner takes official notice that the reading and transmission of programs is well 
known in the art and thus at the time the invention was made, it would have been 
obvious to a person of ordinary skill in the art to provide the ability to transmit a program 
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because it offers the advantage of allowing the execution of a program at a remote 
location. 

Conclusion 

10. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

1 1 . Yarom US Patent No. 5,949,973 discloses a method of relocating the stack in a 
computer system for preventing overwriting by an exploit program. 

12. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Andrew L Nalven whose telephone number is 703 305 
8407. The examiner can normally be reached on Monday - Thursday 8-6, Alternate 
Fridays. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse can be reached on 703 308 4789. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Andrew Nalven 
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